My recent article about how Microsoft’s dismal history of releasing dangerous Windows 10 updates gives people good reason to switch to a different operating system produced more mail from readers than anything I’ve written for Forbes in the last three years. Almost all that mail was from long-time Windows users who were fed up, looking for an alternative and asking about Chromebooks and Chrome OS.
Chrome OS updates automatically in the background without inconveniencing the user. Google rolls out security updates as soon as they’re ready and applies them silently when a Chromebook boots up. Compare this with Windows which interrupts work and forces an update either immediately or in the near future. Windows 10 updates are annoying, disruptive and and have a consistent history of breaking programs or making computers unusable.
Security updates for Chrome OS are not only painless, they play a key role in making Chrome what many consider the most secure operating system in the consumer market. Here’s why Chrome OS is so secure.
One way to increase an operating system’s efficiency is to let processes running on the system share resources. You don’t have to create a separate resource pool for every process if you create a common pool that every process can share. The problem with this approach is that malicious code that gets into the resource pool can spread throughout the system. The solution is sandboxing.
Sandboxing locks a process into an isolated environment that doesn’t share resources with anything else. If malicious code gets into a tight sandbox, it can’t get out. Most importantly, it can’t get out and embed itself in the operating system where it can create serious problems.
Chrome OS sandboxes with a vengeance. Every program and every app runs in its own sandbox. Every tab and every webpage in the Chrome browser is sandboxed. If you visit a website that downloads malware into your system, it stays in the sandbox. Close the tab and poof! it’s gone.
Suppose something escapes the sandbox and infects the operating system. What do you do then? Simple, start up your Chromebook and the problem will probably be solved. Google calls it verified boot.
When Chrome OS boots, every component of the operating system is compared to the current version verified by Google. If a discrepancy is found, the operating system is quickly replaced with a clean and up-to-date version. This happens every time you start up a Chromebook.
Verified Boot is great for maintaining security but it only works if the user shuts the Chromebook down instead of putting it to sleep. If you’re switching to Chrome OS from Windows (or macOS) you may have gotten into the habit of letting your computer sleep so you don’t have to wait through the 30 to 90 second boot up procedure when you come back.
Breaking that habit with a Chromebook is relatively painless because Chromebooks are fast. My Pixelbook with an Intel seventh generation core i5 processor, 8 GB RAM and 12 GB storage takes about 8 seconds to arrive at the password screen and between 3 and 4 seconds to reach full readiness after the password is entered.
Add automatic updating to the mix and you can see why Chrome OS is so secure. During the boot sequence Chrome OS checks to see if a new update is available. If one is, it installs it without interrupting the user. It’s seamless, painless and efficient.
Aggressive sandboxing helps keep malicious code from infecting a Chromebook. If malware manages to escape the sandbox and infect the operating system, it’s discovered and eliminated the next time the system is powered up. Any security updates released since the last time the Chromebook was turned on are automatically applied. All of this takes place in the background without inconveniencing the user. All you have to do is use your Chromebook, turn it off when you’re finished and turn it back on.
Chrome OS is more secure than other popular operating systems but no operating system is 100% secure. What happens if Chrome’s defense in depth fails and a Chromebook is compromised? You powerwash it.
Powerwash is what Google calls a factory reset. It completely wipes a Chromebook’s hard drive and installs a clean copy of the current version of Chrome OS.
If you’ve ever had to reinstall Windows, you’re probably thinking powerwashing a Chromebook sounds like a nightmare. In fact, like almost everything else about Chrome OS, it’s easy. After you reinstall Windows you have to manually reinstall most of the programs you were using on your Windows machine. If you’ve done that once, you probably don’t want to do it again. You don’t have to reinstall any programs or apps after a powerwash. If you’ve stored personal files on the Chromebook’s hard drive, you have to back them up before you powerwash and then reload them. If you store your personal files in the cloud, you don’t even have to do that.
You don’t have to reinstall programs and apps because Google does it for you. The user signs into a Chromebook with their Google account. If syncing is turned on—which it should be to take maximum advantage of the Chrome OS security features—all the programs and apps on the Chromebook are always synced to Google’s servers. When the user signs in to Chrome OS on their freshly powerwashed Chromebook, Google replaces all the programs and apps just as they were before. You have to wait while your programs and apps load but that’s all you have to do. Power the Chromebook up, log in, and in a short time your system is just the way you left it minus the problems that led to the powerwash in the first place. Note that if you switch to a new Chromebook, this same procedure duplicates the way your system was set up on the old Chromebook. All you have to do is log in.
Security and ease of use were built into Chrome OS from the ground up and it shows. If you’re thinking about escaping the constant threat that a Windows 10 update will bork your computer, give some thought to a Chromebook. You’ll not only reduce or eliminate your update worries, you’ll have the most secure computing platform in the consumer space and all you have to do to keep it up to date and secure is turn it on and off.